src/fs/noseclabelfs/dosnoseclabelfs.cil


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35

;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl>
;; SPDX-License-Identifier: Unlicense

(block dos
    (macro map_fs_files ((type ARG1))
	(allow ARG1 fs (file (map))))
    
    (macro boot_file_type_transition_fs ((type ARG1))
	(call .boot.file_type_transition
	    (ARG1 fs dir "efi")))

    (macro root_file_type_transition_fs ((type ARG1))
	(call .root.file_type_transition
	    (ARG1 fs dir "efi")))    

    (genfscon "fat" "/" fs_context)
    (genfscon "hfs" "/" fs_context)
    (genfscon "hfsplus" "/" fs_context)
    (genfscon "msdos" "/" fs_context)
    (genfscon "ntfs" "/" fs_context)
    (genfscon "ntfs-3g" "/" fs_context)
    (genfscon "ntfs3" "/" fs_context)
    (genfscon "vfat" "/" fs_context)
    (genfscon "exfat" "/" fs_context)

    (blockinherit .noseclabelfs.template)
    
    (call .rbacsep.exempt.obj.type (fs))
    (call .xattr.associate_fs (fs))
    
    (filecon "/boot/efi" dir fs_context)
    (filecon "/boot/efi/.*" any ())

    (filecon "/efi" dir fs_context)
    (filecon "/efi/.*" any ()))